CopyCharm Privacy Policy

This Privacy Policy explains how KK Inc. (“Company,” “we,” “us,” or “our”) collects, uses, stores, protects, discloses, and deletes information in connection with CopyCharm, including the CopyCharm desktop application, website, cloud features, AI Access features, APIs, integrations, and related services.

This Privacy Policy applies to users who access, download, install, purchase, activate, or use CopyCharm.

This Privacy Policy should be read together with our Terms of Use. If there is any conflict between this Privacy Policy and the Terms of Use regarding the handling of personal information, this Privacy Policy will govern to the extent of that conflict.

In this Privacy Policy, “personal information” means information relating to a living individual as defined under the Act on the Protection of Personal Information of Japan, Act No. 57 of 2003, and other applicable privacy or data protection laws.

This may include information that identifies a specific individual, such as name, email address, account identifiers, device identifiers, billing information, support communications, and other information that can identify an individual by being matched with other information.

Depending on the user’s location, personal information may also include “personal data,” “personal information,” “personally identifiable information,” or similar concepts under applicable laws such as GDPR, UK GDPR, CCPA/CPRA, or other local laws.

CopyCharm is designed to be local-first. By default, clipboard history, copied text, saved prompts, favorite clips, local notes, settings, and related work context are intended to be stored locally on the user’s device.

We do not automatically receive a user’s general clipboard history simply because the user installs or uses the CopyCharm desktop application.

Local Data remains on the user’s device unless the user chooses, configures, or enables a feature that sends selected data to CopyCharm cloud systems, such as AI Access, cloud sync, support submission, or another cloud-enabled feature.

Users are responsible for managing information stored on their own devices, including deleting Local Data, securing the device, controlling operating system user access, and using available CopyCharm controls such as pause, deletion, exclusions, ignore lists, or filtering where available.

We may collect account and license information, such as email address, license key, subscription status, activation information, purchase status, account identifiers, and related records.

We may collect purchase and billing-related information through our Merchant of Record, payment provider, licensing provider, or app store. This may include order ID, customer email, license status, subscription status, product purchased, renewal status, refund status, and limited billing metadata. We do not intentionally collect or store full payment card numbers on our own servers.

We may collect support and communication information, such as name, email address, inquiry details, support messages, screenshots, logs, files, and other information provided when a user contacts us.

We may collect website and analytics information, such as IP address, browser type, device type, operating system, referring URLs, pages viewed, approximate location, cookie identifiers, traffic source, search terms, and website usage patterns.

We may collect technical and diagnostic information, such as app version, operating system version, device type, error logs, crash information, feature usage, performance information, and security-related events.

We may collect AI Access Synced Data when a user enables or uses AI Access. This may include selected Saved Prompts, Favorite Clips, selected snippets, source labels, titles, metadata, and other items the user designates for AI Access.

We may collect any information a user intentionally submits to us through forms, email, support channels, surveys, beta feedback, or other communications.

Local Data may include clipboard history, copied text, saved prompts, favorite clips, local notes, app settings, local metadata, and other data stored by the CopyCharm desktop application on the user’s device.

Local Data is generally not transmitted to us unless the user enables a feature that syncs or sends selected data, submits information to support, or otherwise chooses to provide it to us.

Because CopyCharm captures clipboard data locally to function, it may incidentally capture sensitive information depending on what the user copies.

Users should be aware that clipboard history may include credentials, tokens, financial data, personal information, customer information, business information, confidential information, or other sensitive information if such information is copied on the device.

Users are responsible for managing Local Data and for securing their own devices, including operating system accounts, passwords, device encryption, malware protection, backups, and access by other users of the same device.

AI Access is optional. When enabled, AI Access is intended to sync only specific items designated by the user, such as Saved Prompts, Favorite Clips, or other selected AI Access items.

General clipboard history is not synced by default as part of the standard AI Access mode.

Synced AI Access data is encrypted using AES-256-GCM application-layer encryption before being stored in CopyCharm cloud systems.

If we materially change our encryption approach, we will update this Privacy Policy or our security documentation.

CopyCharm servers may decrypt selected AI Access items when necessary to provide search, fetch, retrieval, synchronization, support, security, abuse prevention, troubleshooting, or other service-related functionality.

AI Access is not end-to-end encrypted and is not a zero-knowledge service, because CopyCharm servers may need to decrypt selected Synced Data to provide search and fetch features.

The scope of Synced Data may depend on the user’s settings, plan, software version, and feature availability.

Users are responsible for deciding what data to make available through AI Access.

We use information to provide, operate, maintain, secure, and support CopyCharm.

We use information to activate licenses, manage subscriptions, verify purchase status, provide paid features, process billing-related records, and coordinate with our Merchant of Record, payment provider, licensing provider, or app store.

We use information to provide AI Access features, including sync, search, fetch, retrieval, cloud storage, troubleshooting, and support.

We use information to respond to inquiries, provide customer support, investigate bugs, troubleshoot problems, and communicate with users.

We use information to send important notices, such as changes to Terms of Use, Privacy Policy, security notices, service updates, billing notices, and operational communications.

We use information to maintain security, prevent fraud, detect abuse, investigate unauthorized access, enforce our Terms of Use, and protect users, the Company, and third parties.

We use information to analyze website traffic, product reliability, performance, and feature usage in order to maintain, secure, troubleshoot, and improve CopyCharm’s reliability and user experience, provided that we do not use user Content, Local Data, or Synced Data for model training unless the user explicitly opts in.

We use information to comply with legal obligations, respond to lawful requests, resolve disputes, and exercise or defend legal claims.

We do not use user Content, Local Data, or Synced Data to train proprietary machine learning models without the user’s explicit opt-in consent.

We do not permit third-party AI systems to use user Content, Local Data, or Synced Data for model training without the user’s explicit opt-in consent.

If a user connects CopyCharm or AI Access to a third-party AI service, selected data may be handled under that service’s terms and privacy policy.

Where we directly provide or configure an AI API integration, we will not authorize the provider to use submitted user Content, Local Data, or Synced Data for model training without the user’s explicit opt-in consent.

We may use aggregated or de-identified operational information to understand product performance, security, reliability, and usage patterns, provided that such information does not identify the user or reveal user Content.

Where applicable law requires a legal basis for processing personal information, we process information based on one or more of the following legal bases.

Contract: to provide CopyCharm, activate licenses, manage subscriptions, provide AI Access, respond to support requests, and perform our agreements with users.

Consent: when a user enables optional features, opts in to certain processing, subscribes to communications, or provides information voluntarily.

Legitimate interests: to maintain security, prevent abuse, improve reliability, understand website usage, troubleshoot errors, and operate our business, provided that such interests are not overridden by the user’s rights under applicable law.

Legal obligations: to comply with tax, accounting, consumer protection, privacy, security, law enforcement, and other legal requirements.

We may use third-party service providers to operate CopyCharm, including cloud hosting providers, database providers, analytics providers, email providers, error monitoring providers, customer support tools, licensing providers, payment providers, merchants of record, and AI platform providers.

For payments, taxes, invoicing, refunds, chargebacks, and purchase-related operations, we may use Lemon Squeezy or another Merchant of Record or payment provider.

For website analytics, we may use Google Analytics or similar analytics services to understand website usage and improve the Website.

For cloud features such as AI Access, we may use cloud infrastructure and database providers to store and process Synced Data.

These service providers may process information only as necessary to provide their services to us, subject to their own terms, privacy policies, and contractual obligations where applicable.

We do not sell users’ personal information.

For California users, we do not sell personal information. We do not share personal information for cross-context behavioral advertising as defined under California privacy law unless we provide the required notice and opt-out mechanism.

We do not provide personal information to third parties without the user’s consent, except where permitted by applicable law or described in this Privacy Policy.

We may disclose information when required by law, regulation, court order, governmental request, or legal process.

We may disclose information when necessary to protect life, body, property, rights, safety, security, or the proper operation of CopyCharm, and obtaining consent is difficult or not required by law.

We may disclose information to service providers or processors within the scope necessary to operate CopyCharm, such as payment processing, licensing, hosting, analytics, email delivery, customer support, security, error monitoring, and cloud infrastructure.

We may disclose information in connection with a merger, acquisition, corporate reorganization, business transfer, financing, sale of assets, or succession of business.

We may disclose aggregated or de-identified information that does not identify a specific individual and does not reveal user Content.

We are based in Japan. Information may be processed in Japan and other countries where we or our service providers operate.

If applicable law requires safeguards for international transfers of personal information, we will use appropriate measures required by such law, such as adequacy mechanisms, Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum where applicable, or other legally recognized safeguards.

By using CopyCharm, users understand that their information may be processed in countries that may have different data protection laws from their country of residence.

We take reasonable technical, organizational, and physical measures to protect information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction.

For AI Access, Synced Data is encrypted using AES-256-GCM application-layer encryption when stored in CopyCharm cloud systems.

No software, device, cloud service, encryption method, network, or security measure is completely secure.

Users are responsible for securing their own devices, operating system accounts, passwords, license keys, device tokens, access tokens, local backups, and local storage.

If a user suspects unauthorized access, misuse, or exposure of information related to CopyCharm, the user should contact us promptly.

When we entrust the handling of personal information to service providers, we select providers appropriately and supervise them as reasonably necessary to protect personal information.

Where appropriate, we use contractual, technical, or organizational measures to require service providers to handle information securely and only for permitted purposes.

Local Data is stored on the user’s device and may remain there until the user deletes it, clears it, uninstalls the app, resets the app, or otherwise removes it.

Synced Data is retained for as long as necessary to provide AI Access and related features, unless deleted earlier by the user or by us according to our policies.

Account, license, purchase, tax, and billing-related records may be retained for as long as necessary for legal, accounting, tax, dispute resolution, and compliance purposes.

Support communications may be retained for as long as necessary to respond to inquiries, improve support, maintain records, and protect our legal interests.

Backups and logs may persist for a limited period after deletion due to technical, security, or operational reasons.

Users may delete Local Data using available app controls, operating system controls, or by uninstalling or resetting the app, depending on the version and configuration.

Users may be provided with controls to delete or clear Synced Data from CopyCharm cloud systems. Availability and scope of these controls may vary by version or plan.

Users may contact us to request deletion of cloud-synced data associated with their account or license, subject to identity verification, technical limitations, backup retention, legal obligations, and legitimate business needs.

Deleting Synced Data may affect AI Access, search, fetch, cloud sync, and related features.

Depending on the user’s location and applicable law, users may have rights to request access, disclosure, correction, addition, deletion, suspension of use, erasure, restriction, objection, portability, or suspension of third-party provision of certain personal information.

Where processing is based on consent, users may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

EU and UK users may also have the right to lodge a complaint with their local data protection supervisory authority.

When we receive a request, we may verify the identity of the requester before responding.

We will respond to requests in accordance with applicable law. If we are not required to comply with a request under applicable law, or if an exception applies, we may decline all or part of the request and explain the reason where required.

Where permitted by law, we may charge a reasonable fee for certain requests, such as disclosure of retained personal data or records of third-party provision.

To make a request, contact us at hello@kk-inc.org.

If applicable law requires us to designate an EU or UK representative, we will provide the representative’s contact information in this Privacy Policy or by another appropriate notice. Until then, privacy requests should be sent to hello@kk-inc.org.

The Website may use cookies, similar technologies, and analytics tools to understand website usage, improve the Website, measure traffic, and maintain security.

Where required by applicable law, we will request consent before using non-essential cookies or analytics technologies.

We may use Google Analytics, a service provided by Google LLC, to understand website usage. Google Analytics may collect information such as page views, browser information, device information, approximate location, traffic source, and cookie identifiers.

Where Google Analytics 4 is used, Google states that Analytics does not log or store IP addresses from EU, Switzerland, or UK users. We also use available analytics privacy controls where appropriate.

Information collected through Google Analytics is managed by Google in accordance with Google’s terms and privacy policies.

Users may disable cookies through browser settings, use available opt-out tools, or adjust privacy settings where available. Some website features may not function properly if cookies are disabled.

CopyCharm is not intended for use by children under the age of 13, or under 16 where applicable law requires, without appropriate consent from a parent, guardian, or legal representative.

If a minor uses CopyCharm, the minor must obtain consent from a parent, guardian, or legal representative where required by applicable law.

If we learn that we have collected personal information from a child or minor in violation of applicable law, we will take appropriate steps to delete or handle the information as required by law.

If we are involved in a merger, acquisition, corporate reorganization, business transfer, financing, sale of assets, bankruptcy, or similar transaction, information may be transferred as part of that transaction.

In such cases, we will take reasonable steps to ensure that the successor handles personal information in a manner consistent with this Privacy Policy or provides appropriate notice where required by law.

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice by website notice, email, in-app notice, or another appropriate method.

The updated Privacy Policy will become effective on the effective date stated in the notice or, if no date is stated, when posted.

For questions, requests, or inquiries regarding this Privacy Policy or the handling of personal information, please contact:

KK Inc.

1487-55 Shinohara-cho, Kohoku-ku, Yokohama-shi, Kanagawa, Japan

Email: hello@kk-inc.org

Established: May 30, 2026

Effective: May 30, 2026